Websites are now more secure with a new SSL Certificate automation process, implemented by UAB IT’s Infrastructure and Security team.
“Certificate authorities are currently limiting these lifespans to barely over one year,” said James Clark, a systems analyst with UAB IT. “We decided to implement the lifecycle automation where possible to reduce the manual effort when it comes to renewals.”
The automation process began in 2021 and continues today. Currently, ITIS is one of the few groups automating certificate lifecycles. There are two ways the team automates the certificates. They can download the Win-Acme agent, which will run scripts on a schedule to check and renew certificates before the expiration date. Another option, used for Linux systems, is to install a Certbot agent. The agent will install the certificate, and from there scripts will run on a schedule to check and renew certificates.
The team has faced a multitude of challenges since starting the process, such as:
- SAN automations for Linux and Windows systems
- Automated renewals for certificates embedded in applications
- Automated renewals for RSA vs ECC certificates on systems that utilize both certificate types
“To manually renew the large number of certificates implemented on UAB systems would be unsustainable,” Clark said. “This automated certificate renewal process is faster and more efficient than manually replacing certificates.”